Pathways Into Darkness: Hunting for Adversary Behaviors Atop the Pyramid Of Pain
Analysts are becoming swamped with the work of processing and searching for atomic indicators from intelligence reporting. Simultaneously, analysts are being asked to hunt but may not know where to start. This talk will explore the benefits of and strategies for reading subscription and OSINT reports rather than just programmatically scraping IOCs. The aim is for attendees of any background to walk away with the desire and capability to generate actionable ideas for seeking out badness in their environment.
Kyle Gervais is a Threat Intelligence Analyst at a Fortune 500 company. He has experience with incident response as a multi-tier SOC analyst, and has a background in computer science problems involving Too Much Data. Kyle takes his name from the father of John Connor (no, that is not a joke), firmly believes that CTF-Face is the best FPS map ever created, and enjoys most things DFIR/CTI. On a typical day he can be found ranting to his cat about the Fourth Amendment while reading .bash_history to remember what he broke.